Cyber Threats Surge Globally in 2025: Kaspersky Reports Sharp Rise in Malware Attacks

Global cyber threats escalated significantly in the outgoing year 2025, with password-stealing malware increasing by 59 percent, spyware by 51 percent, and backdoor attacks by 6 percent. On average, half a million malicious files came under attack every day—marking a 7 percent rise compared to the previous year.

Throughout the year, Windows users faced the highest level of cyber risk, accounting for 48 percent of total attacks, while 29 percent targeted Mac users.

Worldwide, 27 percent of users experienced online-based attacks, and 33 percent encountered device-based threats, which spread through USBs, disks, or installers.

The findings were revealed in the Kaspersky Security Bulletin Series, which summarized global cybersecurity trends based on the company’s detection system reports.

From 2024 to 2025, cyber threats increased significantly across all regions. APAC and Europe recorded the fastest growth in password-stealing and spyware attacks, while Latin America, Africa, and CIS countries also saw notable spikes in malware activity.

Alexander Liskin, Head of Threat Research at Kaspersky, said,
“Today’s cyber landscape is more complex than ever. This year we saw the return of the ‘Hacking Team,’ rebranded in 2019, whose commercial spyware Dante was used in the ForumTroll APT campaign exploiting zero-day vulnerabilities in Chrome and Firefox. Software vulnerabilities and stolen passwords remain the easiest ways to infiltrate corporate networks, contributing to the sharp rise in password stealers and spyware. Supply chain attacks have also surged, particularly targeting open-source software. For the first time, the NPM worm Shai-Hulud was identified, raising further concern.”

He added that without robust cybersecurity strategies, organizations risk prolonged operational disruption. Individual users, too, may compromise both personal and workplace data due to poor digital hygiene.

Kaspersky advised personal users to avoid downloading apps or clicking links from untrusted sources, enable two-factor authentication, and use strong, unique passwords for all accounts. Regular software updates are essential, and any message instructing users to disable security tools should be ignored. Kaspersky Premium was recommended as a reliable protection solution.

For organizations, the company stressed the importance of timely software updates, restricting open remote desktop services, enforcing strong password policies, and using Kaspersky Next for enhanced infrastructure security and monitoring. Staying informed about emerging cyber threats through threat intelligence and maintaining regular, isolated, and secure backups were also emphasized.

The statistics in the report were compiled from data collected by the Kaspersky Security Network (KSN) between November 2024 and October 2025.

Founded in 1997, Kaspersky is a global cybersecurity and digital privacy company protecting over one billion devices. With leading endpoint protection, specialized security solutions, and cyber-immune technologies, the company safeguards critical information for more than 220,000 corporate clients worldwide.

DBTech/PR/EK/OR